package org.fjsei.yewu.security;

import com.fasterxml.jackson.annotation.JsonIgnore;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.Date;
import java.util.UUID;


/* 對比雷同于 org.springframework.security.core.userdetails.User;
    UserDetails接口 那里实际可简单到就是个字符串就行了，代表用户Spring Security认证信息。
 * Spring Security 验证专用的，和数据库－应用系统Ｕｓｅｒ没关系。
 * SpringBoot 安全 给自己做的Repository,和数据库JPA和应用都无关的。具体应用程序还需要再映射一次User模型对象。
 2025/06/05： 把ROLE_JyUser 在通过网络和数据库序列化时刻进行简化，改成JyUser
 */
public class JwtUser implements UserDetails {

    private final UUID id;
    private final String username;
    private final String password;
    private final Collection<? extends GrantedAuthority> authorities;
    private final boolean enabled;
    //和证书有效期相关:  没有配置上发行时间"iat"没法做到!   @Deprecated
    private final Date lastPasswordResetDate;

    public JwtUser(
        UUID id,
        String username,
        String password,
        Collection<? extends GrantedAuthority> authorities,
        boolean enabled,
        Date lastPasswordResetDate
    ) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.authorities = authorities;
        this.enabled = enabled;
        this.lastPasswordResetDate = lastPasswordResetDate;
    }

    @JsonIgnore
    public UUID getId() {
        return id;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @JsonIgnore
    @Override
    public String getPassword() {
        return password;
    }

    /*
    @PreAuthorize注解 ：允许直接使用角色名称（如JyUser），框架会自动添加ROLE_前缀。
    SecurityConfig配置类 ：若直接在配置类中使用hasRole('JyUser')，需显式添加ROLE_前缀（即ROLE_JyUser），否则框架无法识别
    改在JwtUserFactory里面来做的
    * */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }
//或者这个    public Collection<? extends GrantedAuthority> getAuthorities() {
//        return authorities.stream()
//                .map(role -> new SimpleGrantedAuthority("ROLE_" + role)) // 动态添加前缀
//                .collect(Collectors.toList());
//    }


    @Override
    public boolean isEnabled() {
        return enabled;
    }

    @JsonIgnore
    public Date getLastPasswordResetDate() {
        return lastPasswordResetDate;
    }

    //获取当前用户id,未登陆/匿名的是 -1。
    public static UUID getUserId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if(null==auth)  return null;
        Object principal=auth.getPrincipal();
        if(principal instanceof JwtUser) {
            UUID userid = ((JwtUser) principal).getId();
            return userid;
        }else
             return null;
    }
}

